Steve Millar is a Senior Research Engineer with the Georgia Tech
Research Institute (GTRI). He is interested in .NET and all
things on the web. So, building web tools is a passion that he simply cannot ignore.
Steve is interested in building a high-performance framework for rapidly
constructing any kind of web tool that can be imagined by humans. He is
also keenly interested in building a thriving community around this code and
overall concept. In a former life, Steve was the lead architect and SW
development manager for HP's WebInspect product line where he spent a lot of
time obsessing over how to automate web security tasks inside a large,
complex, multi-threaded application. Hopefully he learned enough to help
make this simpler for less obsessed people. Steve also thinks it is strange
to refer to himself in the third person.

ABSTRACT::

Web Security tools are everywhere and they come in multiple flavors from
freely downloadable binaries to open source libraries to commercial
application suites. Unfortunately, they never seem to do exactly what you
need and they are not always easy to extend or configure. Wouldn't it be
nice if the tools were inter-operable, easy to construct (think Lego blocks)
and high-performance? Something more useful than just a few Python scripts
and a prayer. Georgia Tech's Cyber Technology and Information Security Lab
is on a mission to provide such a tool framework.

SpiderSense is a .NET code library and suite of tools that enables rapid
development of web security tools and data mining applications. The core
pillars of SpiderSense are a high performance web crawler, a modular and
extensible analysis engine and pluggable content parsers. These modules can
be combined quickly and flexibly to create data gathering and discovery
tools. SpiderSense also enables the crafting of non-standard HTTP payloads
that can be used in automated penetration testing and web-based
exploitation. The framework also uses a plug-in analysis model to allow
experimentation with a broad range of analysis algorithms. If you can do it
with HTTP then you can do it with SpiderSense.

We will show just a few slides to outline the problem then quickly
dive into SpiderSense starting with demonstrations of a few tools and
finishing with a discussion of architecture, community and the development
roadmap. Hopefully we can get some good brain-storms to occur around the
topics of cool features and ways for the community to contribute. The
speaker also wants to walk away with some great ideas about possible
extensibility points from the audience. Bring your thinking cap and your
good ideas about web tools and we'll roll up our sleeves and talk code!